From 6d3ba1f7653822c0f8ac9a9af56daaa2cd8bbcad Mon Sep 17 00:00:00 2001
From: Zachary Rice
Date: Fri, 31 Jan 2025 09:20:20 -0600
Subject: [PATCH] Enable Auth0 (#3857)
* hit urls with a unique
* Update pkg/detectors/auth0oauth/auth0oauth.go
Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>
* cleanup
---------
Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>
---
 pkg/detectors/auth0oauth/auth0oauth.go | 30 ++++++++++++++------------
 pkg/engine/defaults/defaults.go | 3 ++-
 2 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/pkg/detectors/auth0oauth/auth0oauth.go b/pkg/detectors/auth0oauth/auth0oauth.go
index 1c7a8a687828..b6c074b9b489 100644
--- a/pkg/detectors/auth0oauth/auth0oauth.go
+++ b/pkg/detectors/auth0oauth/auth0oauth.go
@@ -13,7 +13,7 @@ import (
 "github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
 )
-type Scanner struct{
+type Scanner struct {
 detectors.DefaultMultiPartCredentialProvider
 }
@@ -37,20 +37,22 @@ func (s Scanner) Keywords() []string {
 // FromData will find and optionally verify Auth0oauth secrets in a given set of bytes.
 func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
 dataStr := string(data)
+ uniqueDomainMatches := make(map[string]struct{})
+ uniqueClientIDs := make(map[string]struct{})
+ uniqueSecrets := make(map[string]struct{})
+ for _, m := range domainPat.FindAllStringSubmatch(dataStr, -1) {
+ uniqueDomainMatches[strings.TrimSpace(m[1])] = struct{}{}
+ }
+ for _, m := range clientIdPat.FindAllStringSubmatch(dataStr, -1) {
+ uniqueClientIDs[strings.TrimSpace(m[1])] = struct{}{}
+ }
+ for _, m := range clientSecretPat.FindAllStringSubmatch(dataStr, -1) {
+ uniqueSecrets[strings.TrimSpace(m[1])] = struct{}{}
+ }
- clientIdMatches := clientIdPat.FindAllStringSubmatch(dataStr, -1)
- clientSecretMatches := clientSecretPat.FindAllStringSubmatch(dataStr, -1)
- domainMatches := domainPat.FindAllStringSubmatch(dataStr, -1)
-
- for _, clientIdMatch := range clientIdMatches {
- clientIdRes := strings.TrimSpace(clientIdMatch[1])
-
- for _, clientSecretMatch := range clientSecretMatches {
- clientSecretRes := strings.TrimSpace(clientSecretMatch[1])
-
- for _, domainMatch := range domainMatches {
- domainRes := strings.TrimSpace(domainMatch[1])
-
+ for clientIdRes := range uniqueClientIDs {
+ for clientSecretRes := range uniqueSecrets {
+ for domainRes := range uniqueDomainMatches {
 s1 := detectors.Result{
 DetectorType: detectorspb.DetectorType_Auth0oauth,
 Redacted: clientIdRes,
diff --git a/pkg/engine/defaults/defaults.go b/pkg/engine/defaults/defaults.go
index 14613ab174bb..74740b3a49c1 100644
--- a/pkg/engine/defaults/defaults.go
+++ b/pkg/engine/defaults/defaults.go
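Review bot: In FromData (pkg/detectors/auth0oauth/auth0oauth.go, hunk at line 37) the three nested `for ... range` loops over `uniqueClientIDs`, `uniqueSecrets` and `uniqueDomainMatches` are still a full cross-product, because the new maps only remove repeated strings; a chunk with many distinct candidates yields ids × secrets × domains results. If verification runs inside the innermost loop (the body continues outside this hunk, so that is inferred), each combination would also send a candidate client ID and secret to every matched domain, and the defaults.go change in this commit enables the detector in `buildDetectorList`. Consider stopping on cancellation at the top of the innermost loop, for example `if err := ctx.Err(); err != nil { return results, err }`, and capping the number of combinations tried per chunk. Go also randomizes map iteration order, so the order of `results` now varies between runs and any test or caller comparing result slices needs to sort first.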
@@ -53,6 +53,7 @@ import (
 atlassianv2 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/atlassian/v2"
 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/audd"
 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/auth0managementapitoken"
+ "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/auth0oauth"
 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/autodesk"
 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/autoklose"
 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/autopilot"
@@ -879,7 +880,7 @@ func buildDetectorList() []detectors.Detector {
 &atlassianv2.Scanner{},
 &audd.Scanner{},
 &auth0managementapitoken.Scanner{},
- // &auth0oauth.Scanner{},
+ &auth0oauth.Scanner{},
 &autodesk.Scanner{},
 &autoklose.Scanner{},
 &autopilot.Scanner{},